Activity log for bug #551811

Date Who What changed Old value New value Message
2010-03-30 15:53:33 buzzdee bug added bug
2010-03-30 15:53:39 buzzdee coccinella: assignee buzzdee (sebastia)
2010-03-30 15:54:51 buzzdee description Coccinella is not able to very the server SSL certitificate. in jabber/JUI.tcl I see the following: proc ::JUI::SetSecurityIcons {} { variable jwapp if {[llength $jwapp(securityWinL)]} { # security-high: SASL+TLS with a certificate signed by a trusted source # security-medium: {SASL+TLS|TLS on separate port} with a certificate # signed by a source that is not trusted (self-signed certificate) # security-low: only SASL or no security at all set any 0 set sasl [::Jabber::Jlib connect feature sasl] set ssl [::Jabber::Jlib connect feature ssl] set tls [::Jabber::Jlib connect feature tls] set cert 0 set w $jwapp(w) if {$sasl && $tls && $cert} { # TRANSLATORS; code for these strings is not finished set str [mc "The connection is secure"] set image [::Theme::Find16Icon $w secureHighImage] set any 1 } elseif {($sasl && $tls) || $ssl} { but when I manually specify to require a valid server certificate and provide a CA certificate in: jabberlib/jlibtls.tcl then Coccinella is able to verify the certificate of the server. The SSL Icon should be come green when the server certificate is verified. The User should be able to specify a server CA certificate in the Preferences -> Network -> Certificates Coccinella is not able to very the server SSL certitificate. in jabber/JUI.tcl I see the following: proc ::JUI::SetSecurityIcons {} {     variable jwapp     if {[llength $jwapp(securityWinL)]} {         # security-high: SASL+TLS with a certificate signed by a trusted source         # security-medium: {SASL+TLS|TLS on separate port} with a certificate         # signed by a source that is not trusted (self-signed certificate)         # security-low: only SASL or no security at all         set any 0         set sasl [::Jabber::Jlib connect feature sasl]         set ssl [::Jabber::Jlib connect feature ssl]         set tls [::Jabber::Jlib connect feature tls]         set cert 0         set w $jwapp(w)         if {$sasl && $tls && $cert} {             # TRANSLATORS; code for these strings is not finished             set str [mc "The connection is secure"]             set image [::Theme::Find16Icon $w secureHighImage]             set any 1         } elseif {($sasl && $tls) || $ssl} { but when I manually specify to require a valid server certificate and provide a CA certificate in: jabberlib/jlibtls.tcl proc jlib::tls_proceed {jlibname tag xmllist} { upvar ${jlibname}::lib lib upvar ${jlibname}::locals locals Debug 2 "jlib::tls_proceed" set sock $lib(sock) # Make it a SSL connection. if {[catch { tls::import $sock -cafile "~/Documents/coccinella-trunk/coccinella/sub.class1.server.ca.pem" -certfile "" -keyfile "" \ -request 1 -server 0 -require 1 -ssl2 no -ssl3 yes -tls1 yes } err]} { close $sock tls_finish $jlibname starttls-failure $err } then Coccinella is able to verify the certificate of the server. The SSL Icon should be come green when the server certificate is verified. The User should be able to specify a server CA certificate in the Preferences -> Network -> Certificates This should work for both: SSL and TLS
2010-04-04 11:09:35 buzzdee coccinella: importance Medium Wishlist
2010-04-04 11:28:34 buzzdee attachment added patch implementing the server certificate check added for review http://launchpadlibrarian.net/43068930/validate_server_cert.patch
2010-04-04 11:29:01 buzzdee coccinella: status New Fix Committed
2010-04-07 07:26:39 buzzdee attachment added CA Certificate file containing certificate chain for StartSSL and CACert.org http://launchpadlibrarian.net/43328378/tls-ca.pem
2010-04-07 07:29:12 buzzdee coccinella: status Fix Committed In Progress
2010-04-13 15:09:32 buzzdee attachment added mentioned patch including the certificates http://launchpadlibrarian.net/44043738/coccinella_including_certificates.patch
2010-05-03 12:00:43 buzzdee bug watch added http://sourceforge.net/support/tracker.php?aid=2953768
2010-06-03 15:16:21 buzzdee coccinella: status In Progress Fix Committed
2010-09-30 08:23:59 sander coccinella: status Fix Committed Fix Released